Alternatively, it may try to map the certificate to an application
account (that is, an identity that makes sense only in the context
of the website application).
3. When the Web request has been mapped to an account,
the usual authorization checks will take place.
Figure 1-15 summarizes the process.
It is very straightforward. Furthermore, SSL is a widely implemented
standard, supported by all the major browsers, Web
server software, and platforms. The chance of leveraging interoperable
client authentication seems like it would be fairly high
given that SSL use is ubiquitous. Yet, this is not an exceptionally
common scenario.
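Steps 2 and 3 above, sketched as an added example that is not code from the book: the certificate is mapped to an application account, then the usual authorization check runs. The account store, role names and certificate values are hypothetical and constructed; the dictionaries follow the shape Python's `ssl.SSLSocket.getpeercert()` returns for a validated peer certificate.

```python
# Constructed sample data in the shape returned by ssl.SSLSocket.getpeercert()
# once the TLS layer has validated the client certificate chain.
ALICE_CERT = {
    "subject": ((("commonName", "alice"),),),
    "issuer": ((("commonName", "Corp Example Issuing CA"),),),
    "serialNumber": "0A1B2C",
}
# Same subject CN, but issued by a different CA the server also trusts.
LOOKALIKE_CERT = {
    "subject": ((("commonName", "alice"),),),
    "issuer": ((("commonName", "Partner Example CA"),),),
    "serialNumber": "77FF01",
}

# Hypothetical application account store, keyed on (issuer CN, serial number)
# rather than on the subject CN, which is not unique across trusted CAs.
CERT_TO_ACCOUNT = {("Corp Example Issuing CA", "0A1B2C"): "alice"}
ACCOUNT_PERMISSIONS = {"alice": {"reports:read"}}


def rdn_value(name, field):
    """Return the first value of `field` in a getpeercert()-style name."""
    for rdn in name:
        for key, value in rdn:
            if key == field:
                return value
    return None


def map_certificate(peer_cert):
    """Step 2: map a validated certificate to an application account."""
    if not peer_cert:  # getpeercert() yields {} when nothing was validated
        return None
    issuer_cn = rdn_value(peer_cert.get("issuer", ()), "commonName")
    return CERT_TO_ACCOUNT.get((issuer_cn, peer_cert.get("serialNumber")))


def authorize(peer_cert, permission):
    """Step 3: the usual authorization check; unmapped certificates fail closed."""
    account = map_certificate(peer_cert)
    if account is None:
        return False
    return permission in ACCOUNT_PERMISSIONS.get(account, set())


if __name__ == "__main__":
    for cert in (ALICE_CERT, LOOKALIKE_CERT, {}):
        print(map_certificate(cert), authorize(cert, "reports:read"))
```

A certificate that passes chain validation but has no entry in the account store is rejected, so trusting a CA does not by itself grant access to the application.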
SSL client authentication is great when the infrastructure is already
in place. If an employee is trying to access a website that
is an asset of his employer's network, where he owns an account,
SSL client authentication is a way of extracting further return on
investment (ROI) from the certificate infrastructure investment. If
somebody already went through the headache of the provisioning
problems, enabling SSL client authentication has very little
cost compared to that.
Again, HTTPS client certificate authentication can be viable in
enterprises with strong governance.